🐞🔨Authentication Prevent a condition when double-tapping sign-in

- #1809

OK, so my working assumption is that the bug is caused by two requests
being processed at the same time for a new email address, and the first
one creates the `AuthenticationMethod` and the second one *tries* to,
and fails; resulting in the validation error.

This requeries the database and retries the rest of the work.

Would love to have names for methods to pull this out into, rather than
copy-pasting the method body but oh well.

app/models/authenticated_session.rb

@@ -45,6 +45,16 @@ def save
     end
 
     false
+  rescue ActiveRecord::RecordInvalid
+    self.authentication_method = nil
+    if one_time_password.nil?
+      authentication_method.send_one_time_password!(space)
+      false
+    elsif authentication_method.verify?(one_time_password)
+      session[:person_id] = authentication_method.person.id
+      authentication_method.confirm!
+      true
+    end
   end
 
   # If we don't have a OTP _or_ a way of issuing one, there's nothin' we can do.

spec/models/authenticated_session_spec.rb

@@ -71,29 +71,46 @@
             expect { authenticated_session.save }.not_to change(AuthenticationMethod, :count)
           end
         end
-      end
 
-      context "and the correct otp is provided" do
-        let(:one_time_password) { "123456" }
+        context "when a race condition caused the authentication method was created in another thread" do
+          let(:authentication_method) { nil }
+
+          it "reloads the authentication method and tries again" do
+            sad_authentication_method = instance_double(AuthenticationMethod)
+            allow(sad_authentication_method).to receive(:send_one_time_password!).with(space).and_raise(ActiveRecord::RecordInvalid)
+            happy_authentication_method = instance_double(AuthenticationMethod)
+            allow(happy_authentication_method).to receive(:send_one_time_password!).with(space)
+            allow(AuthenticationMethod).to receive(:find_or_initialize_by).with(contact_method: :email, contact_location: "[email protected]").and_return(sad_authentication_method, happy_authentication_method)
 
-        before do
-          allow(authentication_method).to receive(:verify?)
-            .with(one_time_password).and_return(true)
+            authenticated_session.save
 
-          allow(authentication_method).to receive(:person)
-            .and_return(build_stubbed(:person, id: SecureRandom.uuid))
+            expect(sad_authentication_method).to have_received(:send_one_time_password!).with(space)
+            expect(happy_authentication_method).to have_received(:send_one_time_password!).with(space)
+          end
         end
 
-        it "confirms the authentication method" do
-          authenticated_session.save
+        context "and the correct otp is provided" do
+          let(:one_time_password) { "123456" }
 
-          expect(authentication_method).to have_received(:confirm!)
-        end
+          before do
+            allow(authentication_method).to receive(:verify?)
+              .with(one_time_password).and_return(true)
 
-        it "populates the persons id in the session" do
-          authenticated_session.save
+            allow(authentication_method).to receive(:person)
+              .and_return(build_stubbed(:person, id: SecureRandom.uuid))
+          end
 
-          expect(session[:person_id]).to eql(authentication_method.person.id)
+          it "confirms the authentication method" do
+            authenticated_session.save
+
+            expect(authentication_method).to have_received(:confirm!)
+          end
+
+          it "populates the persons id in the session" do
+            authenticated_session.save
+
+            expect(session[:person_id]).to eql(authentication_method.person.id)
+          end
         end
       end
     end